- + VU#123335: Multiple programming languages fail to escape arguments properly in Microsoft Windows—Overview Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when...
- + VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks—Overview A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. ...
- + VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks—Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field b...
- + VU#417980: Implementations of UDP-based application protocols are vulnerable to network loops—Overview A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based applications protocols. An unauthentic...
- + VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions—Overview A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered...
- + VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks—Overview Sciener is a company that develops software and hardware for electronic locks that are marketed under many different brands. Their hardware...
- + VU#446598: GPU kernel implementations susceptible to memory leak—Overview General-purpose graphics processing unit (GPGPU) platforms from AMD, Apple, and Qualcomm fail to adequately isolate process memory, thereby...
- + VU#302671: SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies—Overview A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences (essentially the end of a single ...
- + VU#132380: Vulnerabilities in EDK2 NetworkPkg IP stack implementation.—Overview Multiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of Unified Exte...
- + VU#811862: Image files in UEFI can be abused to modify boot behavior—Overview Implementation of Unified Extensible Firmware Interface (UEFI) by Vendors provide a way to customize logo image displayed during the early ...
- + VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates—Overview Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a BGP UPDATE. Instead of ignoring i...
- + VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router—Overview An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a ...
- + VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account—Overview Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition...
- + VU#287122: Parsec Remote Desktop App is prone to a local elevation of privilege due to a logical flaw in its code integrity verification process—Overview Parsec updater for Windows was prone to a local privilege escalation vulnerability, this vulnerability allowed a local user with Parsec acc...
- + VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models—Overview Lambda Layers in third party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13...
As of 4/27/24 5:07pm. Last new 4/22/24 3:38am. Score: 465
- Next feed in category: US-CERT Technical Cyber Security Alerts